At a Glance
- Tasks: Shape security compliance and build a culture of awareness at GWI.
- Company: Join a dynamic team at GWI, a leader in data insights.
- Benefits: Enjoy 25 days leave, health perks, and flexible working options.
- Other info: Diverse and inclusive workplace with opportunities for professional growth.
- Why this job: Make a real impact in information security while growing your career.
- Qualifications: Experience with ISO 27001 and strong communication skills are key.
The predicted salary is between 70000 - 90000 £ per year.
Location: London, UK
Weekly office requirement: Hybrid – 2 days per week
Employment type: Permanent
Seniority level: Mid-Senior
At GWI we're always looking for extraordinary people who thrive on making an extraordinary impact. Right now we're looking for an Information Security GRC Specialist to play a key role in our Legal team in London. If that's you, and making a difference gets you out of bed in the morning, keep reading. It could be the start of something, well, extraordinary.
Sounds great, what will I be doing?
As our Information Security GRC Specialist you'll play a pivotal role in shaping the future of security compliance at GWI. Reporting into our General Counsel and working closely with our Information Security, Product, and Technology teams, you'll own our compliance posture across security frameworks, vendor risk, and client-facing security requirements — while building a security-conscious culture across the business.
A few things you'll be responsible for:
- Own and maintain GWI's ISO 27001 certification and compliance across relevant security frameworks, keeping our posture sharp as the threat landscape evolves.
- Develop, implement, and maintain information security policies and procedures aligned with industry best practices.
- Lead vendor risk management and client security assessments — including responding to client security questionnaires and onboarding requirements.
- Build and maintain GWI's security trust portal, showcasing our credentials to clients and stakeholders using tools such as Drata or Vanta.
- Drive security awareness across the business through training programmes and internal communications that promote a strong GRC culture.
It's also fun; shaking things up is what working for GWI is all about. You'll need to be flexible, comfortable with continuous change, and working in a high-tempo environment.
What do I need to bring with me?
You'll need to be able to demonstrate the core skills this role requires. You don't have to tick all the boxes right away; the important thing is that you're willing to learn. Here's what the team will be looking for in you:
- In-depth, practical experience obtaining and maintaining ISO 27001 certification, with solid knowledge of frameworks such as NIST — typically 3–5 years in an information security compliance role, though other experience levels will be considered.
- Proven ability to develop and maintain security policies and procedures that align with industry best practice.
- Experience conducting vendor security assessments and managing client security onboarding requirements, balancing risk against commercial objectives.
- Hands-on experience building or maintaining a security trust portal; familiarity with tools such as Drata or Vanta is a plus.
- Knowledge of SaaS and AI environments, with experience implementing and managing cloud security best practices.
- Strong communication skills — able to translate complex GRC topics into clear internal guidance and keep the wider business informed and engaged on security matters.
Equally important is attitude. We want people who think big (to make an impact), ask why (to find a better way), and show respect (to everyone, at every level, all the time). Those are our values, and they're a big part of what we're looking for in you.
What We Offer
- Time to recharge – 25 days’ annual leave, plus office closures over the holidays.
- Health & wellbeing – Health cash plan, enhanced family benefits, carer days, and mental health support.
- Financial benefits – Competitive salary, 4% pension matching, and recognition programs that celebrate success.
- Flexibility & balance – Flexitime, early Friday finishes, hybrid and remote options, plus a “work from home” budget.
- Career growth – Accredited learning, leadership development, and global career mobility.
- Community & impact – DE&I initiatives, volunteering opportunities, donation matching, and payroll giving.
Put all that together and GWI is the friendliest, most fulfilling place any of us has ever worked.
Diversity, Equity & Inclusion
Diversity is fundamental to who we are—both as a data company and as a workplace. Our data reflects global realities, and so must our teams. We strive to ensure our workforce is as diverse and inclusive as the insights we provide to our clients. As a Disability Confident employer, we welcome applications from disabled candidates and are committed to providing all necessary adjustments during the hiring process. We also actively encourage applications from underrepresented and marginalized communities. At GWI, you will find a place where you can contribute meaningfully, grow professionally, and belong fully.
Information Security Governance, Risk and Compliance Specialist in London employer: GWI
At GWI, we pride ourselves on fostering a vibrant work culture that empowers our employees to make a meaningful impact. With a strong focus on professional growth, we offer accredited learning opportunities, flexible working arrangements, and a commitment to diversity and inclusion, making our London office an exceptional place for the Information Security GRC Specialist to thrive and contribute to our mission.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security Governance, Risk and Compliance Specialist in London
✨Join Compliance Communities
Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!
✨Attend Industry Conferences
Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.
✨Leverage Your University Career Services
If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.
✨Showcase Your Knowledge Online
Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like GWI looking for candidates who are engaged and informed.
We think you need these skills to ace Information Security Governance, Risk and Compliance Specialist in London
Some tips for your application 🫡
Show Your Understanding of Compliance:In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!
Quantify Your Achievements:When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.
Tailor Your CV to Reflect Relevant Skills:Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!
Craft a Motivating Cover Letter:In your cover letter, let us know why you’re excited about the compliance-risk role at GWI. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!
How to prepare for a job interview at GWI
✨Master the Regulations
Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!
✨Show Your Analytical Skills
Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. We've got to demonstrate how we approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!
✨Know Your Tools
Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!
✨Align with Company Culture
Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with GWI’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!
